Halloween used for infecting PCs

Sophos is warning that a cybercriminal gang is attempting to hijack the Halloween festivities to infect the PCs of innocent computer users. Malicious spam emails direct internet users to a Halloween-themed website which offers a download of a dancing skeleton game, but which is really designed to install a Trojan horse that gives the hackers remote access to the user’s PC.

Emails containing the malicious links have a variety of subject lines including the following:

Happy Halloween
Dancing Bones
The most amazing dancing skeleton
Show this to the kids
Send this to your friends
Man this rocks

Graham Cluley, senior technology consultant for Sophos commented:

This is just the latest incarnation of the ecard campaign, also known as Storm, which has dominated the malware scene for months. The gang responsible are experts at choosing topical disguises and crafting alluring emails that the unwary may find difficult to resist. What’s even more frightening is that when innocent users click to see the skeleton dance, the site also plays The Vengaboys song ‘Boom boom boom boom’.